Cyber Security Engineer with Security Clearance

Overview: The Sponsor requires support specializing in managing and completing all necessary steps to achieve and retain an Approval to Operate (ATO). The Sponsor has multiple application teams supporting a portfolio which is the central repository for all Sponsor''s created applications. The Sponsor provides state of the art systems on cloud and applications based on products such as AWS, Oracle, SharePoint, and other web-based solutions. The Sponsor requires support specializing in managing and completing all necessary steps to achieve and retain an Approval to Operate (ATO). The Sponsor needs polished skills in maintaining Assessment and Authorization (A&A) system accreditations and continuous monitoring practices. The portfolio contains but is not a complete list of the following: • A custom production application that has a central repository for the search and discovery of internal document sensitive data and associated artifacts. • A custom production application which provides workflow and research with the ability to review, disposition, build a profile and update or nominate candidates to other Partner organizations. • A targeting and knowledge management tool which stores products in a centralized repository making it easy for search and discovery. The Cyber Security Engineer will shepherd the projects teams through the Assessment and Authorization (A&A) process and develop the documents required by the A&A process and have familiarity with all the control gates found in the process. The candidate will be responsible for creating and maintaining existing ATOs, Security relevant Con-Ops, procedures, and Systems Security Plans (SSPs) for the Sponsor''s portfolio and, work with the Sponsor''s development team to identify and define applicable security controls and responses. The individual in this role will be responsible for reviewing responses, entering responses into the Sponsor''s security tool, and updating risks; identify potential controls where the Sponsor is a common control provider and assist with drafting common control language; perform security maintenance duties for assigned projects; perform gap analysis of security controls vs. as-built and advising the Sponsor''s project team of the gaps with recommendations of resolutions options; and maintain awareness of operational patching and system level changes of assigned projects. The Cyber Security Engineer must review scans and baselines to ensure proper patch levels, ensure weekly audit log reviews are completed, and conduct regular spreadsheet reviews of Privileged Users to ensure least privilege and role separation rules are being followed. The candidate will conduct periodic reviews of Comprehensive Risk Assessment scores across all projects and shall recommend changes to the system based on a review of security test results so that the Comprehensive Risk Assessment score may be improved. They will attend meetings, provide updates, and communications as needed with the Information System Security Manager (ISSM) and provide security updates to the Sponsor weekly, and provide internal one-pager reporting to the Sponsor. 1.t(Mandatory) Demonstrated experience with the Assessment and Authorization (A&A) process.2.t(Mandatory) Demonstrated experience writing all documents required by the A&A process, such as SSPs.3.t(Mandatory) Demonstrated experience with all control gates in the A&A process.4.t(Mandatory) Demonstrated experience successfully obtaining full ATOs for numerous previous projects.5.t(Mandatory) Demonstrated experience participating in project review meetings and providing technical security guidance when necessary.6.t(Mandatory) Demonstrated experience creating and updating documentation for current and proposed security architectures7.t(Mandatory) Demonstrated hands-on experience documenting and implementing NIST 800-53 security controls.8.t(Mandatory) Demonstrated experience with A&A security tools 9.t(Mandatory) Demonstrated experience with outputs from security assessment tools and the ability to understand and coordinate assessment of findings.10.t(Mandatory) Demonstrated experience in infrastructure or application-level vulnerability assessments, or penetration testing.11.t(Mandatory) Demonstrated experience managing vulnerability solutions and processes.12.t(Mandatory) Demonstrated experience auditing using third party and open source tools while following common security frameworks.13.t(Mandatory) Demonstrated experience with security principles and best practices.14.t(Mandatory) Demonstrated experience with security monitoring and logs review.15.t(Mandatory) Demonstrated experience managing the remediation of discovered threats.16.t(Desired) Demonstrated experience providing malicious code detection, intrusion detection and cyber security tool development and integration.17.t(Desired) Demonstrated experience hardening and monitoring systems to prevent virus, malware, and malicious code intrusion.18.t(Desired) Demonstrated experience exhibiting effective organizational, writing, communications and briefing skills.19.t(Desired) Demonstrated experience with information systems architecture, utilizing security control design and development.20.t(Desired) Demonstrated hands-on experience with the Sponsor''s approach to encrypting sensitive data.21.t(Desired) Demonstrated hands-on experience working with security stakeholders such as development teams and Sponsor cloud providers.MUST be a US Citizen with a U.S. Government clearance - Intel with Polygraph NOTE: Must have an active TS-SCI with poly. No sponsorships or upgrades are available. Submissions without this requirement will not be considered. H1-B holders will not be considered. Benefits:5 week paid vacation + 10 gov''t holidays15% contribution to 401kLTD, STD disability and life insurancePaid health, dental, and vision for employee and family.$5000 annual training expense reimbursementComputer purchase plan

Created: 2025-11-01